Scott Bessent: AI-Powered Cybersecurity – Project Glasswing and the Future of Software Security

AI Revolutionizes Cybersecurity: Introducing Project Glasswing

The cybersecurity landscape is undergoing a seismic shift, driven by the rapid advancements in Artificial Intelligence. Project Glasswing, spearheaded by Scott Bessent, represents an urgent and proactive response to this evolving threat. We formed Project Glasswing because of the groundbreaking capabilities observed in a new frontier model trained by Anthropic – a model poised to reshape how we approach cybersecurity.

The Dawn of AI-Powered Vulnerability Discovery

Claude Mythos2 Preview, a general-purpose, unreleased frontier model, has revealed a startling truth: AI models have reached a level of coding proficiency that surpasses all but the most skilled human experts in identifying and exploiting software vulnerabilities. Mythos Preview has already uncovered thousands of high-severity vulnerabilities, including those present in major operating systems and web browsers. Given the accelerating pace of AI development, these capabilities will soon become more widespread, potentially falling into the hands of actors who may not prioritize safe deployment.

The potential consequences – for economies, public safety, and national security – are severe. Project Glasswing is a critical initiative to harness these powerful capabilities for defensive purposes. It’s a race against time to secure the digital infrastructure that underpins modern life.

Collaborative Defense: A Multi-faceted Approach

Project Glasswing isn’t a solo endeavor. Launch partners are actively utilizing Mythos Preview to bolster their defensive security measures, and Anthropic is committed to sharing the insights gained with the broader industry. Access has also been extended to over 40 organizations responsible for building and maintaining critical software infrastructure, enabling them to scan and secure both their own systems and open-source projects.

Anthropic is investing significantly in this effort, committing up to $100 million in usage credits for Mythos Preview and an additional $4 million in direct donations to open-source security organizations. This demonstrates a firm commitment to fostering a collaborative and resilient cybersecurity ecosystem.

The Stakes are High: Why Proactive Security is Crucial

The software we rely on daily – powering banking systems, safeguarding medical records, managing logistics, and maintaining essential infrastructure – inherently contains vulnerabilities. While many are minor, some pose serious security risks that could be exploited by cyberattackers to disrupt operations, steal data, or hijack systems. We’ve already witnessed the devastating impact of cyberattacks on corporations, healthcare providers, energy grids, and government agencies worldwide.

State-sponsored attacks from nations like China, Iran, North Korea, and Russia pose a significant threat to both civilian and military infrastructure. Even smaller-scale attacks can inflict substantial economic damage and compromise sensitive information. The global financial cost of cybercrime is estimated to be around $500 billion annually.

AI as a Double-Edged Sword

Historically, finding and exploiting software flaws required specialized expertise. However, the latest frontier AI models are dramatically reducing the cost, effort, and skill required to uncover and exploit vulnerabilities. Claude Mythos Preview represents a significant leap forward, identifying vulnerabilities that have evaded decades of human review and millions of automated security tests.

Without adequate safeguards, these powerful capabilities could be misused to exploit existing flaws, leading to more frequent and destructive cyberattacks. However, the same AI capabilities can also be leveraged to proactively identify and fix vulnerabilities, creating more secure software from the ground up.

Project Glasswing in Action: Real-World Results

Over the past few weeks, Claude Mythos Preview has identified thousands of zero-day vulnerabilities – flaws previously unknown to software developers – in major operating systems, web browsers, and other critical software. Technical details for a subset of these vulnerabilities, along with examples of how Mythos Preview exploited them, are available on the Frontier Red Team blog.

The model achieved this remarkable feat largely autonomously, with minimal human intervention. The vulnerabilities have been reported to the respective software maintainers and are being actively patched.

Industry Leaders Join the Fight

Several leading technology companies have joined Project Glasswing, recognizing the urgency of the situation:

Cisco: Emphasizes the need for aggressive adoption of new security approaches.
AWS: Integrating AI into its security operations to strengthen code and defend at scale.
Microsoft: Leveraging AI to improve security and reduce risk, showing substantial improvements on security benchmarks.
CrowdStrike: Recognizing the need for faster and more sophisticated security measures.
The Linux Foundation: Empowering open-source maintainers with AI-powered security tools.
JPMorganChase: Collaborating to evaluate and implement next-generation AI tools for cybersecurity.
Google: Making Mythos Preview available through Vertex AI and investing in AI-powered security tools.
Palo Alto Networks: Preparing for AI-assisted attackers and modernizing cybersecurity stacks.

Looking Ahead: A Collaborative Future

Project Glasswing is just the beginning. Securing the world’s cyber infrastructure requires a collective effort involving AI developers, software companies, security researchers, open-source maintainers, and governments. Anthropic is committed to sharing its learnings and collaborating with the industry to develop practical recommendations for evolving security practices in the age of AI.

Anthropic is also engaging with US government officials to discuss the offensive and defensive cyber capabilities of Claude Mythos Preview. Maintaining a decisive lead in AI technology is crucial for national security, and governments have a vital role to play in both assessing and mitigating the associated risks.

We invite other AI industry members to join us in setting the standards for a secure and resilient future.